A Cyber Parable: Imagine you are a chicken rancher. Your chickens are free-range, antibiotic-free, and (most importantly) hypoallergenic, so people with egg allergies can use your eggs to make cookies and other goodies. If they ever inadvertently ate store-bought eggs, they would die. You can see the value in your eggs.
You Are At Risk: But who would even want to harm your business? You are small. You only serve a small geographic area. But imagine you have a very elite clientele. Because your eggs are so unique, your clientele consists of some very influential and powerful people. If a criminal wanted to target a powerful person, they wouldn’t have to do it directly. All they would have to do is gain access to your henhouses, plant store-bought eggs, and wait for you to deliver them to your clients. It doesn’t even matter to the criminal if they hurt others as well. Those would merely be collateral damage. As long as their target is affected, their mission is complete.
Supply-Side Attacks: This is pretty much how supply-side software attacks happen. A threat actor infiltrates a legitimate software vendor whose software repository (the henhouse) has lackadaisical security. A legitimate file (your precious eggs) gets infected with malware (store-bought eggs), and then the threat actor simply waits for the vendor to ship out the infected file.
Does this happen? You bet it does. A few months ago, a huge software vendor named SolarWinds had this happen to them. It affected about 18,000 of their high-value customers.
Try This: So now we find we can’t even trust the vendors to keep their software repositories (their henhouses) safe. But what can you do about it? Here’s what you can do. Before you install any new software or any update, you can upload the file to virustotal.com and have it scanned at no cost. It’s not foolproof, but it will give you at least a small measure of assurance that the file hasn’t been tampered with.
Some Cautionary Statements: There are two possible problems here. First, VirusTotal is a public website, so don’t upload any sensitive files. Second, VirusTotal will only report a file as malicious if: 1. VirusTotal has seen it before AND 2. the antivirus engines it uses to scan the file have verified that the file is malicious. What this means to you is that if the good eggs were just switched out for bad eggs this morning, VirusTotal will not know they’re bad, and you will install malicious software. So, with this technique, your mileage may vary.
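The check from "Try This" with both cautions applied, as an added example (not code from the original article): it hashes the installer locally and looks the hash up through VirusTotal's v3 API instead of uploading the file, and it reports a never-seen file as `unknown` rather than clean. The `VT_API_KEY` environment variable, the 50-engine coverage threshold and the sample report are assumptions made for this illustration.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # VirusTotal API v3 file report

def sha256_of(path, chunk_size=1 << 20):
    """Hash the installer locally so the file itself never leaves the machine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def fetch_report(file_hash, api_key):
    """Return the parsed report, or None when VirusTotal has never seen the hash."""
    req = urllib.request.Request(VT_FILE_URL.format(file_hash),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # hash not in the VirusTotal corpus
            return None
        raise

def verdict(report, min_engines=50):
    """Map a report to 'unknown', 'flagged', 'weak-coverage' or 'no-detections'."""
    if report is None:
        return "unknown"  # never seen before: this is NOT the same as clean
    stats = report["data"]["attributes"]["last_analysis_stats"]
    if stats.get("malicious", 0) + stats.get("suspicious", 0) > 0:
        return "flagged"
    scanned = stats.get("harmless", 0) + stats.get("undetected", 0)
    # min_engines is an assumed threshold: too few engines means little assurance.
    return "no-detections" if scanned >= min_engines else "weak-coverage"

# Constructed sample report, trimmed to the fields used above.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 0, "undetected": 62, "harmless": 0}}}}

if __name__ == "__main__":
    import os, sys
    h = sha256_of(sys.argv[1])  # path to the installer or update
    print(h, verdict(fetch_report(h, os.environ["VT_API_KEY"])))
```

Treat `unknown` and `weak-coverage` as reasons to hold the install and compare the hash against the one the vendor publishes, not as a pass.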
Other Options: There are other options for your protection that we have discussed in other articles, like application whitelisting and ring fencing, that can provide more protection. Ask us or your local cyber team about them.